Add guardian rule pages to website and link to them from tool

Author: mansurpasha

docs/no-default-memory.md

@@ -0,0 +1,24 @@
+---
+id: no-default-memory
+title: no-default-memory
+sidebar_label: no-default-memory
+---
+
+# No Functions Have Memory Configuration Left as Default (no-default-memory)
+
+Lambda Functions memory is configurable and should be configured for the use-case.
+This can impact the speed and running cost of the Lambda Function.
+
+> **Note:** Any increase in memory size triggers an equivalent increase in CPU available to your function
+
+---
+
+## Suggested Actions:
+
+- Look into your CloudWatch Logs for the Lambda function to find `Max Memory Used` [more information](https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html)
+
+```
+REPORT RequestId: 3604209a-e9a3-11e6-939a-754dd98c7be3	Duration: 12.34 ms	Billed Duration: 100 ms Memory Size: 128 MB	Max Memory Used: 18 MB
+```
+
+- Power-tune using [aws-lambda-power-tuning](https://github.com/alexcasalboni/aws-lambda-power-tuning)

docs/no-default-timeout.md

@@ -0,0 +1,29 @@
+---
+id: no-default-timeout
+title: no-default-timeout
+sidebar_label: no-default-timeout
+---
+
+# No Functions Have Timeout Configuration Left as Default (no-default-timeout)
+
+Lambda Function timeout is configurable and should be configured for the use-case.
+This can impact timeout errors, running costs and security (e.g. "Denial of Wallet").
+The default is 3 seconds in AWS, but 6 with the Serverless Framework.
+The maximum allowed value is 900 seconds.
+
+< 5 seconds is generally suitable for API endpoints.
+
+> **Note:** API Gateway has a limit of 29 seconds.
+
+---
+
+## Suggested Actions:
+
+- Look into your CloudWatch Logs for the Lambda function to find `Duration` ([more information](https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html))
+
+```
+REPORT RequestId: 3604209a-e9a3-11e6-939a-754dd98c7be3	Duration: 12.34 ms	Billed Duration: 100 ms Memory Size: 128 MB	Max Memory Used: 18 MB
+```
+
+- Power-tune using [aws-lambda-power-tuning](https://github.com/alexcasalboni/aws-lambda-power-tuning)
+  > **Note:** Any increase in memory size triggers an equivalent increase in CPU available to your function, which can be useful in lowering timeout.

docs/no-identical-code.md

@@ -0,0 +1,28 @@
+---
+id: no-identical-code
+title: no-identical-code
+sidebar_label: no-identical-code
+---
+
+# No Functions Have Identical Deployment Code (no-identical-code)
+
+Lambda Function should have their code packaged optimally as it may affect cold start times.
+Also, deploying a monolithic codebase is not advised.
+
+---
+
+## Suggested Actions:
+
+- Look at your deployment artifact to see if there is code that should be removed.
+- If you're using the Serverless Framework specify individual packaging [more info](https://www.serverless.com/framework/docs/providers/aws/guide/packaging/):
+
+```
+service: my-service
+
+package:
+  individually: true
+
+```
+
+- Use the `serverless package` command if you use the serverless framework.
+  - Look in the `.serverless` directory to see the deployment artifacts.

docs/no-max-memory.md

@@ -0,0 +1,24 @@
+---
+id: no-max-memory
+title: no-max-memory
+sidebar_label: no-max-memory
+---
+
+# No Functions Have Memory Configuration To Maximum Limit (no-max-memory)
+
+Lambda Functions memory is configurable and should be configured for the use-case.
+This can impact the speed and running cost of the Lambda Function.
+
+> **Note:** Any increase in memory size triggers an equivalent increase in CPU available to your function
+
+---
+
+## Suggested Actions:
+
+- Look into your CloudWatch Logs for the Lambda function to find `Max Memory Used` [more information](https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html)
+
+```
+REPORT RequestId: 3604209a-e9a3-11e6-939a-754dd98c7be3	Duration: 12.34 ms	Billed Duration: 100 ms Memory Size: 128 MB	Max Memory Used: 18 MB
+```
+
+- Power-tune using [aws-lambda-power-tuning](https://github.com/alexcasalboni/aws-lambda-power-tuning)

docs/no-max-timeout.md

@@ -0,0 +1,29 @@
+---
+id: no-max-timeout
+title: no-max-timeout
+sidebar_label: no-max-timeout
+---
+
+# No Functions Have Timeout Configuration To Maximum Limit (no-max-timeout)
+
+Lambda Function timeout is configurable and should be configured for the use-case.
+Having it set at the maximum is rarely appropriate, unless processing a lot of data.
+The default is 3 seconds in AWS, but 6 with the Serverless Framework.
+The maximum allowed value is 900 seconds.
+
+Having it set at the maximum can allow inefficient code to be released, increased billed duration in case of code errors and can lead to expensive cloud bills via "Denial of Wallet" attacks.
+
+< 5 seconds is generally suitable for API endpoints.
+
+---
+
+## Suggested Actions:
+
+- Look into your CloudWatch Logs for the Lambda function to find `Duration` ([more information](https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html))
+
+```
+REPORT RequestId: 3604209a-e9a3-11e6-939a-754dd98c7be3	Duration: 12.34 ms	Billed Duration: 100 ms Memory Size: 128 MB	Max Memory Used: 18 MB
+```
+
+- Power-tune using [aws-lambda-power-tuning](https://github.com/alexcasalboni/aws-lambda-power-tuning)
+  > **Note:** Any increase in memory size triggers an equivalent increase in CPU available to your function, which can be useful in lowering timeout.

docs/no-shared-roles.md

@@ -0,0 +1,17 @@
+---
+id: no-shared-roles
+title: no-shared-roles
+sidebar_label: no-shared-roles
+---
+
+# No Functions Have Shared IAM Roles (no-shared-roles)
+
+IAM Roles allow granular access control to be specified per function.
+To ensure least privilege, one role should be used per function so that the underlying policy can be configured correctly.
+
+---
+
+## Suggested Actions:
+
+- Define one IAM Role per Function and configure them to ensure least privilege.
+- If you're using the Serverless Framework, you can use the [serverless-iam-roles-per-function](https://github.com/functionalone/serverless-iam-roles-per-function) plugin.

src/guardian/rules/best_practices/no-default-memory/index.js

@@ -10,7 +10,7 @@ class NoDefaultMemory {
     this.failureMessage =
       "The following functions have their memory set as default.";
     this.rulePage =
-      "See (https://github.com/Theodo-UK/sls-dev-tools/blob/guardian-ci/src/guardian/rules/best_practices/no-default-memory/no-default-memory.MD) for impact and how to to resolve.";
+      "See (https://theodo-uk.github.io/sls-dev-tools/docs/no-default-memory) for impact and how to to resolve.";
   }
 
   hasDefaultMemory(lambdaFunction) {

src/guardian/rules/best_practices/no-default-timeout/index.js

@@ -11,7 +11,7 @@ class NoDefaultTimeout {
     this.failureMessage =
       "The following functions have their timeout set as default.";
     this.rulePage =
-      "See (https://github.com/Theodo-UK/sls-dev-tools/blob/guardian-ci/src/guardian/rules/best_practices/no-default-timeout/no-default-timeout.MD) for impact and how to to resolve.";
+      "See (https://theodo-uk.github.io/sls-dev-tools/docs/no-default-timeout) for impact and how to to resolve.";
   }
 
   hasDefaultTimeout(lambdaFunction) {

src/guardian/rules/best_practices/no-identical-code/index.js

@@ -9,7 +9,7 @@ class NoIdenticalCode {
     this.failureMessage =
       "The following functions have identical deployment code repeated in 1 or more other functions.";
     this.rulePage =
-      "See (https://github.com/Theodo-UK/sls-dev-tools/blob/guardian-ci/src/guardian/rules/best_practices/no-identical-code/no-identical-code.MD) for impact and how to to resolve.";
+      "See (https://theodo-uk.github.io/sls-dev-tools/docs/no-identical-code) for impact and how to to resolve.";
     this.codeShasEncountered = {};
   }
 

src/guardian/rules/best_practices/no-max-memory/index.js

@@ -10,7 +10,7 @@ class NoMaximumMemory {
     this.failureMessage =
       "The following functions have their memory set to the maximum limit.";
     this.rulePage =
-      "See (https://github.com/Theodo-UK/sls-dev-tools/blob/guardian-ci/src/guardian/rules/best_practices/no-max-memory/no-max-memory.MD) for impact and how to to resolve.";
+      "See (https://theodo-uk.github.io/sls-dev-tools/docs/no-max-memory) for impact and how to to resolve.";
   }
 
   hasMaximumMemory(lambdaFunction) {

src/guardian/rules/best_practices/no-max-timeout/index.js

@@ -10,7 +10,7 @@ class NoMaximumTimeout {
     this.failureMessage =
       "The following functions have their timeout set as the maximum.";
     this.rulePage =
-      "See (https://github.com/Theodo-UK/sls-dev-tools/blob/guardian-ci/src/guardian/rules/best_practices/no-max-timeout/no-max-timeout.MD) for impact and how to to resolve.";
+      "See (https://theodo-uk.github.io/sls-dev-tools/docs/no-max-timeout) for impact and how to to resolve.";
   }
 
   hasMaximumTimeout(lambdaFunction) {

src/guardian/rules/best_practices/no-shared-roles/index.js

@@ -9,7 +9,7 @@ class NoSharedRoles {
     this.failureMessage =
       "The following functions have roles used by 1 or more other functions.";
     this.rulePage =
-      "See (https://github.com/Theodo-UK/sls-dev-tools/blob/guardian-ci/src/guardian/rules/best_practices/no-shared-roles/no-shared-roles.MD) for impact and how to to resolve.";
+      "See (https://theodo-uk.github.io/sls-dev-tools/docs/no-shared-roles) for impact and how to to resolve.";
     this.IAMRolesEncountered = {};
   }
 

website/i18n/en.json

@@ -5,6 +5,30 @@
     "previous": "Previous",
     "tagline": "Dev tools for the serverless world",
     "docs": {
+      "no-default-memory": {
+        "title": "no-default-memory",
+        "sidebar_label": "no-default-memory"
+      },
+      "no-default-timeout": {
+        "title": "no-default-timeout",
+        "sidebar_label": "no-default-timeout"
+      },
+      "no-identical-code": {
+        "title": "no-identical-code",
+        "sidebar_label": "no-identical-code"
+      },
+      "no-max-memory": {
+        "title": "no-max-memory",
+        "sidebar_label": "no-max-memory"
+      },
+      "no-max-timeout": {
+        "title": "no-max-timeout",
+        "sidebar_label": "no-max-timeout"
+      },
+      "no-shared-roles": {
+        "title": "no-shared-roles",
+        "sidebar_label": "no-shared-roles"
+      },
       "pricing": {
         "title": "Cloudwatch Pricing",
         "sidebar_label": "Cloudwatch Pricing"
@@ -19,7 +43,8 @@
     },
     "categories": {
       "Installation and Use": "Installation and Use",
-      "Pricing": "Pricing"
+      "Pricing": "Pricing",
+      "Guardian Rules": "Guardian Rules"
     }
   },
   "pages-strings": {

website/sidebars.json

@@ -1,6 +1,14 @@
 {
   "docs": {
     "Installation and Use": ["README"],
-    "Pricing": ["pricing"]
+    "Pricing": ["pricing"],
+    "Guardian Rules": [
+      "no-max-timeout",
+      "no-max-memory",
+      "no-shared-roles",
+      "no-identical-code",
+      "no-default-memory",
+      "no-default-timeout"
+    ]
   }
 }